
RE: [FW1] ISAKMP



ISAKMP - Internet Security Association and Key Management Protocol - is a
standard by the IETF.
It is used for automatic asymmetric and symmetric key exchanges over the
Internet. In a nutshell, it has two phases:

Phase 1 - The Certificate Authority's (CA) public keys are exchanged and
then the Diffie-Hellman (DH) public keys are exchanged.

The DH public keys are signed by the CA private key in order to authenticate
the DH keys. This is the reason for the exchange of the CA public keys. Once
authenticated, the DH keys are used to arrive at a shared session key
(symmetric) that in turn is used for the encryption of data.

So in phase one the asymmetric key exchange takes place.

 
..... Enter Phase II

Get to the shared secret and negotiate the packet encryption (DES, 3DES)
and authentication algorithms (SHA1 and MD5), encapsulation scheme (tunnel or
in-place/transport), etc., also known as a security association (SA). Once the
security association is set up, the data can be encrypted and decrypted on
both ends.

Internet Key Exchange (IKE) utilizes ISAKMP/Oakley for key negotiations and
IPsec for data encryption and really kicks ass!!

 Hope this helps.

 Amit Kaushal 
 Security consultant
 

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Wednesday, January 24, 2001 6:34 AM
To: [email protected]
Subject: [FW1] ISAKMP



Hi all,

Can anyone explain ISAKMP to me in 10 to 20 sentences?

Thankx,
Joerg



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


   All contents © 2004 Network Presence, LLC. All rights reserved.